The Estonian Information System Authority (RIA) has issued a call for local businesses to report cyber incidents as a measure to acquire a comprehensive overview of the threats present in the Estonian cyberspace and offer effective solutions to mitigate them.
The RIA has registered 1,569 impactful cyber incidents in the first six months of 2020, with botnet subscriptions as the main variety (46 percent), although there has also been a considerable increase in phishing scams (20 percent), which try to trick users into disclosing their account information for the purposes of conducting subsequent fraudulent activities (e.g. bank account fraud).
Tõnu Tammer, Head of CERT-EE, RIA's cyber incident management department, wrote in a press release: "We are extremely grateful to all companies that notify us about falling victim to cybercrime or even of attempted attacks. This will help us in taking necessary measures to improve the security of the Estonian cyberspace. Immediate feedback from CEOs and IT staff will enable us to offer better protection, and provide help, if necessary."
Tammer said the only way to develop a clear overview of the true extent that companies, institutions and people fall prey to criminal attacks is for companies to report and talk about such incidents.
He went on to explain that although the awareness about cyber threats is gradually improving, the perpetrators are also becoming smarter and more cunning.
Tammer said: "It is clear that the cyber incidents reported to RIA do not reflect the actual scope of attacks on Estonian companies. We are also certain that there is a large number of victims who have not informed us of incidents. We implore everyone to come forward and contribute to helping us improve the safety for the entire Estonian business environment."
According to the head of CERT-EE, people avoid talking about cyberattacks due to various concerns, but fortunately businesses have begun to address this issue more seriously all over the world. "I hope that this trend will take root in Estonia as well."
Tammer added that reporting cyber incidents helps improve the quality of assistance provided and enables the identification of the attack's origins.
He explained: "In case of most frequent root causes, we can build up our capacity to better advise businesses with regard to preventing specific cyber incidents, and make sure that everyone is on the same page."
The RIA states that raising awareness among company managers and employees on the topic of cyber threats is of critical importance, making sure they always carefully check the sender's name and email address and establish clear rules of procedure to address suspicious situations.
Tammer concluded: "We need to take good care of our passwords, computer software updates and backing up our data. The security of national cyberspace depends on each and every one of us acting responsibly and taking necessary precautions."
Detailed information on reporting cyberattacks can be found here.
Editor: Kristjan Kallaste